Amendment to the Claims:

This listing of claims replaces all prior versions, and 
listings, of claims in the application: 

1. (Currently amended) A method, comprising: 

obtaining policy rules, and simplifying said policy rules, 
at least to remove duplicate policy rules and to form simplified
policy rules; and 

based on said simplified policy rules, creating an access 
control list adapted to configure a network device; and

using the access control list to generate access filters. 



2. (Currently amended) The method of claim 1 further 
comprising expanding the policy rules into value groups that
represent conditions occurring in the network device associated
with the policy rules. 

3. (Currently amended) The method of claim 2 further
comprising wherein said simplifying comprises excluding
conditions that would otherwise be implied by the policy rules.

4. (Original) The method of claim 3 further comprising
resolving inconsistent conditions that result from expanding the 
policy rules and excluding the policy rule conditions. 

5. (Original) The method of claim 1 further comprising 
creating at least one array of included or excluded conditions 
from the policy rules. 



6. (Currently amended) The method of claim 5 wherein
generating the access filters further comprises:
adding filters adapted to control access of a device to

another a component other than the network device in the network 
connected to the network device. 



7. (Original) The method of claim 6 further comprising 
generating deny filters by combining the at least one array of 
excluded conditions and the at least one array of included 
conditions.



8. (Original) The method of claim 6 further comprising 
generating permit filters by combining the at least one of the 
arrays of the included conditions with the remaining arrays of 
included conditions. 

9. (Currently amended) A computer network, comprising:
a first device adapted to disseminate policy rules in the 

network; and 

a second device adapted to receive the policy rules 
disseminated on the network by the first device and adapted to: 
simplifying said policy rules, at least to remove
duplicate policy rules and to form simplified policy rules; 

based on policy rules, create an access control list 
adapted to configure the at least one device from the 
filters;

and to use the access control list to generate access 
filters from the translated policies. 

10. (Original) The system of claim 9 wherein the second 
device further comprises a permit filter. 

11. (Original) The system of claim 10 further comprising a 
plurality of data-storage devices adapted to permit access to 
the second device. 

12. (Original) The system of claim 9 wherein the second 
device further comprises a deny filter. 

Attorney Docket No. 10559-1 51001 
Serial No.: 09/539,937
Amendment dated January 30, 2004 
Reply to Office Action dated October 30, 2003 

13. (Original) The system of claim 12 further comprising a 
plurality of data-storage devices adapted to deny access to the 
second device. 

14. (Currently amended) An article comprising a computer- 
readable medium which stores computer executable instructions 
for managing policy rules on a network, the instructions causing 
a computer to: 

simplifying said policy rules, at least to remove
duplicate policy rules and to form simplified policy rules; 

based on policy rules, create an access control list 
adapted to configure the devices from the simplified rules; 
and 

use the access control list to generate access 
filters. 

15. (Currently amended) The article of claim 14 further 
comprising instructions to expand the policy rules into value 
groups, wherein value groups represent conditions occurring in 
the network device associated with the policy rules.

16. (Original) The article of claim 15 wherein the
instructions to translate the policy rules further includes 
instructions to exclude conditions that would otherwise be 
implied by the policy rules. 

17. (Original) The article of claim 16 wherein the 
instructions to translate the policy rules further includes 
instructions to resolve inconsistent conditions that result from 
expanding the policy rules and excluding the policy rule 
conditions.

18. (Currently amended) A network device, comprising: 
a configurable management process located on the device 

having instructions to:

receive the policy rules in a network device; 

translate the policy rules to a set of simplified 
rules at least removing duplicate parts of said rules to 
form said simplified rules;

create an access control list adapted to configure the
devices network device from the simplified rules; and

use the access control list to generate access
filters.

19. (Original) The device of claim 18 further comprising a
connection to an external network.

20. (Original) The device of claim 19 wherein the external
network is a local area network.

21. (Original) The device of claim 19 wherein the external
network is the Internet.

22-24. (Cancelled)